Networking 


1. What is a Hub?

A hub is a layer 1 device that connects multiple computers. A hub
is usually termed a 'dumb' device because it broadcasts all the data
to every port.

2. What is a Switch?

A switch is a layer 2 device. A switch can decide which computer
the message is intended for and send the message directly to the
right computer (instead of broadcasting it).

3. What is a Router?

A router is a layer 3 device that connects 2 or more networks.
Routers can calculate the best route for sending data from one
point to another using a routing protocol.

4. What are the ranges of private IP?

Private IP addresses are also called Non-Routable IP Addresses.

A | 10.0.0.1 to 10.255.255.255
B | 172.16.0.1 to 172.31.255.255
C | 192.168.0.1 to 192.168.255.255


5. What is NAT?

NAT stands for Network Address Translation.

It is the process of converting one IP address to another, usually a
private IP to a public IP and vice versa.

6. What is PAT?

PAT stands for Port Address Translation.

PAT permits multiple devices on a LAN to be mapped to a single
public IP address. The goal of PAT is to conserve public IP
addresses.

7. Commonly used port numbers?

20 | FTP-Data Transfer | File Transfer Protocol-Data
21 | FTP-Command Control | File Transfer Protocol-Control
22 | SSH-Secure Login | Secure Shell
23 | TELNET | Remote login Service
25 | SMTP | Simple Mail Transfer Protocol
53 | DNS | Domain Name System
67 | DHCP | Dynamic Host Configuration Protocol
80 | HTTP | Hyper Text Transfer Protocol
110 | POP3 | Post Office Protocol
115 | SFTP | Secure File Transfer Protocol
119 | NNTP | Network News Transfer Protocol
123 | NTP | Network Time Protocol
143 | IMAP | Internet Message Access Protocol
161 | SNMP | Simple Network Management Protocol
194 | IRC | Internet Relay Chat
443 | HTTPS | Hyper Text Transfer Protocol Secure
445 | SMB | Server Message Block


8. Networking Basic Command Line Tools

How to find the IP address of a machine?
ipconfig

How to find the MAC address of a machine?
ipconfig /all

What is the MAC address listed as on a Windows machine?
Physical address

How do you find if DHCP is enabled on a system?
ipconfig /all

How do you find the default gateway on the system?
ipconfig /all

How do you find DNS servers on a system?
ipconfig /all

How do you check if the destination machine is up and
running or reachable?
ping

How to check if a port is open on the destination
server?
telnet

How to get the hostname of a machine?
hostname

How do you check open ports on a machine?
netstat -an


9. Explain the difference between TCP and UDP

Transmission Control Protocol (TCP) | User Datagram Protocol (UDP)
Connection oriented | Connectionless
Acknowledgement for each packet transmitted | No acknowledgement
Failed packets are retransmitted | No re-transmission
Guaranteed delivery | Best effort delivery
Reliable | Unreliable
TCP is slower | UDP is faster
EX: HTTP, HTTPS, SSH, SMTP etc | EX: Streaming Videos, VOIP Calls, etc


10. Explain the 3-way handshake.
A three-way handshake is a method used in a TCP/IP network to
create a connection between two hosts.
It is a 3-step process that requires both the client and server to
exchange SYN and ACK (acknowledgment) packets before actual
data communication begins.


11. Explain packet structure
A packet has 3 main sections:
> IP Header
> TCP Header
> Payload

A few of the important fields in a packet are:
> Source IP
> Destination IP
> Source port
> Destination port
> TCP Flags
> Data

12. Explain TCP Flags.

URG (Urgent) | Packet to be processed immediately
PSH (Push) | Transmits data immediately
FIN (Finish) | No further transmission
ACK (Acknowledgment) | Acknowledges receipt of packet
SYN (Synchronization) | Initializes connection between host and target
RST (Reset) | Resets the connection


13. Explain OSI Reference Model

Layer | Function | Devices | Protocol
Application | Acts like an interface between user and computer. It provides services to the user. | |
Presentation | The data from the application layer is extracted here and manipulated as per the required format to transmit over the network. Ex: Encoding/Decoding, Encryption/Decryption, Compression | |
Session | This layer is responsible for establishment of connection, maintenance of sessions, authentication and also ensures security. | | NETbios, NFS, RPC
Transport | 1. It provides reliable message delivery from process to process. 2. It is also responsible for error control and flow control. | | TCP/UDP
Network | 1. Network layer works for the transmission of data from one host to the other host. 2. Takes care of packet routing, i.e. selection of the shortest path to transmit the packet from the number of routes available. | Routers, Firewall, IPS | RIP, OSPF
Data Link | 1. The data link layer is responsible for the node to node delivery of the messages. 2. It does framing, error control, flow control etc. 3. Data link layer is divided into two sub layers: 3.1. Logical Link Control (LLC), 3.2. Media Access Control (MAC) | Switch | ARP
Physical | It is responsible for the actual physical connections between the devices. | HUB | 802.11, Bluetooth, WIFI


14. What is DNS and how does it work?
DNS stands for Domain Name System.
It is a service that helps in translating domain names to IP addresses
and vice versa.

15. Does DNS use UDP or TCP?
> DNS uses both TCP and UDP
> UDP for DNS queries
> TCP for zone transfers

16. DNS Record Types.


A | Host address
AAAA | IPv6 host address
ALIAS | Auto resolved alias
CNAME | Canonical name for an alias
MX | Mail exchange
NS | Name server
PTR | Pointer
SOA | Start of Authority
SRV | Location of service
TXT | Description text


17. What is DHCP and how does it work?
DHCP stands for Dynamic Host Configuration Protocol.
A DHCP server automatically assigns an IP address and other
information to each host on the network so they can
communicate with other endpoints.

18. How DHCP Works
> DHCP works on a process called DORA
> D=Discover
> O=Offer
> R=Request
> A=Acknowledge

19. What will the IP address of the client machine be when it sends
the DISCOVER message?
The source IP will be 0.0.0.0

20. How does the client know the IP address of the DHCP
server, to send a Discover message?
The client does not know the DHCP server's address, hence it
broadcasts the Discover message, i.e. the destination IP will be
255.255.255.255

21. What happens if no DHCP server is available on the
network?
The client gets an IP in the APIPA (Automatic Private IP Addressing)
range. The range is between 169.254.0.0 - 169.254.255.255

22. What happens when the DHCP server runs out of IP
addresses?
When you start running out of addresses, your subnet is said to be
oversubscribed. The DHCP server then refuses to assign an IP
address until a device in the network releases an IP address.

23. What are proxy servers and how do they protect
computer networks?
> Proxy servers process requests on behalf of other
machines. The IP address is converted by the NAT process.
> Proxy servers primarily prevent external users from
identifying the IP addresses of an internal network.
> Without knowledge of the correct IP address, even the
physical location of the network cannot be identified.
> Proxy servers can make a network virtually invisible to
external users.

24. When you use a proxy, is the DNS query done by the client or
the proxy server?
> It depends on the type of proxy being used.
> If it is a simple IP proxy, then the client will do a DNS query,
resolve the destination domain name and send the request to
the proxy.
> If the proxy is an HTTP proxy (web proxy), the client directly
sends the request to the proxy. The proxy requests DNS resolution
and forwards the traffic.

25. What is a firewall?
> A firewall is a network security system that monitors and
controls incoming and outgoing network traffic based on
predetermined security rules (ACL - Access Control List).
Traditional firewalls work at Layer 3 and Layer 4.

26. When we can write ACLs in a router, why do we need a
firewall?
> The primary function of a router is to route traffic. If we add
a packet filtering function to the router, it will slow down the
network. Hence it is good practice to separate filtering and
routing functionality.

27. What is a DMZ?

DMZ stands for Demilitarized Zone. It is a network segment
used to host public facing servers. The DMZ isolates the
public facing servers from internal servers, so if the servers
in the DMZ are compromised the attack doesn't spread to the
internal network.

28. What is implicit deny?

If traffic is not explicitly allowed within an access list then by
default it is denied.

29. What is the difference between firewall Deny and Drop?

When the firewall is set to Deny a connection, it blocks the
connection and sends a Reset (RST) packet to the requester
(source).

When the firewall is set to Drop a connection, it just drops the
requests without giving any message to the requester.

30. What is stateful inspection?

A stateful firewall maintains a table of active connections it
has allowed in a state table. Further packets associated with
the session are permitted to pass through the firewall.

31. What is a VPN?

A virtual private network (VPN) extends a private network
across a public network, and enables users to send and
receive data across public networks as if they were directly
connected to the private network.
There are 2 types of VPN:
> Site to Site VPN - used to connect two office locations.
> Remote VPN - used to connect to the corporate network.

32. What is IDS?

An intrusion detection system is a network security solution
that detects malicious traffic based on signatures. IDS
systems compare the current network activity to a known
threat database (network signatures) to detect several kinds
of behaviours like security policy violations, malware and port
scanners.

33. What is IPS?

An IPS scans the traffic, detects and can also block (prevent) the
malicious traffic based on network signatures.

34. Difference between IPS and Firewall.

> A firewall inspects the TCP/IP header, working on ACLs.
> An IPS does deep packet inspection (checks both header and
payload) using network signatures.

35. Where do you place an IPS?

> An IPS is usually placed after the firewall. The firewall does the
heavy lifting of blocking all the unwanted traffic based on the
TCP/IP header. Of the traffic that is allowed, the IPS will do
deep packet inspection. Because of this, an IPS needs more
processing power than a firewall.


